Solved: Basic CSS Setup help requested

jcotter · ‎06-09-2005

Greetings, I am very new to the CSS and I'm hoping for a little basic guidance. Here is what I have so far:

A pair of 11503's that I hope to setup in failover mode. I have a pair of Gig fiber ports in each unit.

The immediate need is to get redundancy going for a pair of unix servers running JBoss. They are presently at 10.0.5.45 and 10.0.5.140. But I am requesting that we move them to a VLAN that will sit on one side of the CSS boxes at 10.99.72.x. so their new IP addresses will be 10.99.72.45 and 10.99.72.46.

I just need to have redundancy for port 8080 on those two 10.99.72.x addresses and will need to have them on a virtual IP that is on the 10.0.x.x network.

Then I'll need to figure out the failover aspects of this with the two boxes...

Help!?

Gilles Dufour · ‎06-14-2005

First, it looks like the content has not been activated.

We should see the keyword "active" under the content rule definition.

Verify that your rule is alive with a 'sho summary'.

Next, you need to configure static route on the CSS so it knows how to reach clients.

You should at least have a default route.

Simply configure it with the command 'ip route 0.0.0.0 0.0.0.0 x.x.x.x'.

The nating is not needed if the response from the servers always go through the CSS.

If they are connected to the CSS this should be the case.

If they are not connected to the CSS, you should make the CSS the default gateway for the servers.

If that is not possible you will need nating.

In this case, simply add the command 'add destination service x.z.com' under the group definition.

Finally be aware that with this config, when you ping the VIP, the ping packet is loadbalanced to the servers and they are responsible to respond.

Regards,

Gilles.

View solution in original post

kejeusa · ‎06-13-2005

have you checked for ASR setup on cisco website? their is the best place to start, i was in the same boat about 2 months ago.

http://cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_guide_chapter09186a00801778d9.html

here is a good starting point

Gilles Dufour · ‎06-13-2005

the get started, you need

1/ define services

ie:

service server1

ip address 10.99.72.45

inservice

2/ define content rule

owner MyCompany

content jboss

virtual ip 10.0.x.x

add service server1

add service server2

inservice

This is the most basic config but it should get you started.

For redundancy I would strongly recommend vip/interface redundancy.

you configure it like this :

circuit VLANX

ip address x.x.x.x/x

ip virtual-router prio [preempt]

ip redundant-vip 10.0.x.x

ip redundant-ip x.x.x.x

Regards,

Gilles.

jcotter · ‎06-14-2005

Okay, he is the configuration from the main unit I have installed... I cannot ping the VIP addresses from anything else but the CSS. I'm not sure the NAT is correct either - don't I need one NAT for both sides? Also, what about routes? How should I add them? Just for the 10.0.x.x side? And the redundant interfaces.... do they just work or is there some extra configuration somewhere that I just haven't seen?

Any and all help is appreciated.

!*************************** GLOBAL ***************************

no restrict web-mgmt

snmp name "CSS1a"

!************************* INTERFACE *************************

interface 1/1

trunk

vlan 72

interface 1/2

trunk

vlan 255

!************************** CIRCUIT **************************

circuit VLAN72

ip address 10.99.72.100 255.255.255.0

ip virtual-router 72 priority 200 preempt

ip redundant-interface 72 10.99.72.10

circuit VLAN255

ip address 10.0.5.109 255.255.0.0

ip virtual-router 10 priority 200 preempt

ip redundant-interface 10 10.0.5.134

ip redundant-vip 10 10.0.5.98

!************************** SERVICE **************************

service x.z.com

keepalive port 8080

keepalive type tcp

ip address 10.99.72.45

active

service y.z.com

keepalive port 8080

keepalive type tcp

ip address 10.99.72.140

active

!*************************** OWNER ***************************

owner sath

content JBoss

add service x.z.com

add service y.z.com

vip address 10.0.5.98

!*************************** GROUP ***************************

group source-nat

vip address 10.0.5.98

active

Gilles Dufour · ‎06-14-2005

First, it looks like the content has not been activated.

We should see the keyword "active" under the content rule definition.

Verify that your rule is alive with a 'sho summary'.

Next, you need to configure static route on the CSS so it knows how to reach clients.

You should at least have a default route.

Simply configure it with the command 'ip route 0.0.0.0 0.0.0.0 x.x.x.x'.

The nating is not needed if the response from the servers always go through the CSS.

If they are connected to the CSS this should be the case.

If they are not connected to the CSS, you should make the CSS the default gateway for the servers.

If that is not possible you will need nating.

In this case, simply add the command 'add destination service x.z.com' under the group definition.

Finally be aware that with this config, when you ping the VIP, the ping packet is loadbalanced to the servers and they are responsible to respond.

Regards,

Gilles.

jcotter · ‎06-14-2005

Alright, I'm making progress. I removed all the NAT stuff. Here is my current config. I'm VERY close to getting this working. I can ping the VIP, but the service doesn't work (port 8080).

!*************************** GLOBAL ***************************

no restrict web-mgmt

snmp name "CSS1a"

!************************* INTERFACE *************************

interface 1/1

trunk

vlan 72

interface 1/2

trunk

vlan 255

!************************** CIRCUIT **************************

circuit VLAN72

ip address 10.99.72.100 255.255.255.0

ip virtual-router 72 priority 200 preempt

ip redundant-interface 72 10.99.72.10

ip critical-service 72 x.y.com

ip critical-service 72 y.z.com

circuit VLAN255

ip address 10.0.5.109 255.255.0.0

ip virtual-router 10 priority 200 preempt

ip redundant-interface 10 10.0.5.134

ip redundant-vip 10 10.0.5.98

ip critical-service 10 x.y.com

ip critical-service 10 y.z.com

!************************** SERVICE **************************

service x.y.com

keepalive port 8080

keepalive type tcp

ip address 10.99.72.45

active

service y.z.com

keepalive port 8080

keepalive type tcp

ip address 10.99.72.140

active

!*************************** OWNER ***************************

owner sath

content JBoss

add service x.y.com

add service y.z.com

vip address 10.0.5.98

active

Gilles Dufour · ‎06-14-2005

The CSS config looks good.

If you do a 'sho summary', do you see hits on your content rule ?

Is it incrementing when you connect to port vip:8080 ?

If yes, you will need to verify the server and capture a sniffer trace to see if the server is responding and where is the response being sent.

You can get a free sniffer at www.ethereal.com

Gilles.

kejeusa · ‎06-15-2005

i see where u have defined your ip critical service in the service area, along with the keep alive type. unless the server it self is the critical service usually this is set for a switch that may exist on either side of the css.

also if you plan on making the sessions redundant for fail-over redundant indexs should be defined. do you plan on using any isc-ports either if the CSS is going to have backup CSS to monitor something other than the VRRP messages from the master.

also the config should almost mirror except for the circuit ip address and verify that each are running the same version of code